# Walkthrough: install rsyslog and forward this host's log events to QRadar.
# This listing mixes shell commands with lines that belong inside
# /etc/rsyslog.conf, so it is a sequence of manual steps, not a runnable script.
yum install rsyslog
# Open the rsyslog configuration in an editor and add the forwarding rules below.
vi /etc/rsyslog.conf
#send all log events to QRadar via UDP
# The next two lines are rsyslog.conf content, not shell commands.
# "*.*" selects every facility at every priority, so authentication (authpriv)
# messages are forwarded too. A single "@" before the target means UDP; "@@"
# would mean TCP. UDP syslog is cleartext, unauthenticated and can lose
# messages silently, so on a network path you do not fully trust prefer TCP
# forwarding protected with TLS.
# 20.2.0.1 and 20.2.0.2 stand in for your own collector addresses.
*.* @20.2.0.1:514 #send all log events to (your server ip Addr) via UDP
*.* @20.2.0.2:514 #send all log events to (your server ip Addr) via UDP
# Restart the service so the new rules are loaded. The configuration syntax can
# be checked beforehand with `rsyslogd -N1`.
systemctl restart rsyslog
# Capture traffic on eth0 to confirm that events are actually leaving the host.
# NOTE(review): 10.240.0.2 matches neither forwarding target above; presumably
# it is an address from a different lab setup. Confirm, and filter on the real
# collector IP (optionally with "udp port 514") so only forwarded syslog is shown.
tcpdump -i eth0 host 10.240.0.2